blankgrabber | 68822d6c10131aec5e680d59143a0c7e09618dea169b42914a10e9594a2053aa

General

Target

MochaLoader.exe
Size

7.6MB
Sample

241028-hepvjazraw
MD5

f5b091df07f924c1144e835a5a9ca5db
SHA1

70ed1944448e6ed47a8207916cd3970b3f31ca05
SHA256

68822d6c10131aec5e680d59143a0c7e09618dea169b42914a10e9594a2053aa
SHA512

ef2669b33577b28c1a047389fc7a1887e640bf0c2636c156270764a4fd73541099c23b5221049f484f7b3bed41d4439ba69467331f4f40e3276d832784598bdb
SSDEEP

196608:sPHYEwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jq:ZIHziK1piXLGVE4Ue0VJu

Score

10^/10

Malware Config

Targets

- Target
  
  MochaLoader.exe
- Size
  
  7.6MB
- MD5
  
  f5b091df07f924c1144e835a5a9ca5db
- SHA1
  
  70ed1944448e6ed47a8207916cd3970b3f31ca05
- SHA256
  
  68822d6c10131aec5e680d59143a0c7e09618dea169b42914a10e9594a2053aa
- SHA512
  
  ef2669b33577b28c1a047389fc7a1887e640bf0c2636c156270764a4fd73541099c23b5221049f484f7b3bed41d4439ba69467331f4f40e3276d832784598bdb
- SSDEEP
  
  196608:sPHYEwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jq:ZIHziK1piXLGVE4Ue0VJu
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2